
create user cisco switches with password expiration

CRUZPEREZ518
Level 1

Hello, maybe it's something simple, but I can't find a way to do the following: I need to add users to my Cisco switches, but ask them to change the password when they log in for the first time. So far, what I have been able to do is create them, but with a password defined by me, and I want each user to personalize it. Thank you.

2 Replies

balaji.bandi
Hall of Fame

You require external authentication with RADIUS/TACACS, which integrates with AD/LDAP, for the same.

BB

Seb Rupik
VIP Alumni

Hi there,

As you have discovered, this feature is not available; certainly the local user datastore is not that sophisticated.

On a side note, creating multiple local user accounts on multiple switches across your estate is not a scalable or manageable solution.

You should look at creating a central user store and have the switches configured for AAA and query it.

FreeRADIUS is a great product and can be configured to consult the local /etc/passwd database. You could configure all your network admins with shell access to the server and then expire their passwords. The next time they SSH onto the server they will have to enter a new password.

# adduser foo
# passwd -e foo

This new password would then be used to authenticate the user on all configured switches, giving you the desired result.

http://wiki.freeradius.org/vendor/Cisco

cheers,

Seb.
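
A check for the `passwd -e` step in the reply above, as an added example that is not part of the original thread: on Linux with shadow-utils, `passwd -e` records the forced change as 0 in the third field of the account's /etc/shadow entry, so an audit can confirm that each new admin account is still flagged. The function names, status labels and sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit shadow(5) entries after `passwd -e`.
# Field 3 is the day of the last password change; 0 means "change at next login".

# Constructed sample entries; the hashes are placeholders, not real values.
sample_shadow() {
cat <<'EOF'
root:$6$placeholder$hashA:19000:0:99999:7:::
foo:$6$placeholder$hashB:0:0:99999:7:::
bar:$6$placeholder$hashC:19750:0:90:7:::
baz:!$6$placeholder$hashD:19750:0:99999:7:::
daemon:*:19000:0:99999:7:::
newadmin:$6$placeholder$hashE::0:99999:7:::
EOF
}

# classify_shadow: shadow-format lines on stdin -> "user STATUS" per line.
classify_shadow() {
  awk -F: '
    /^#/ || NF < 3 { next }                           # comment or malformed
    $2 ~ /^[!*]/   { print $1, "NO_LOGIN";    next }  # locked or no password login
    $3 == "0"      { print $1, "MUST_CHANGE"; next }  # flagged by passwd -e
    $3 == ""       { print $1, "NO_AGING";    next }  # aging disabled
                   { print $1, "CHANGED" }            # has a last-change date
  '
}

# require_flagged USER...: classify_shadow output on stdin; prints every named
# user that is not MUST_CHANGE and returns 1 if there is at least one.
require_flagged() {
  statuses=$(cat)
  rc=0
  for u in "$@"; do
    s=$(printf '%s\n' "$statuses" | awk -v u="$u" '$1 == u { print $2 }')
    if [ "$s" != "MUST_CHANGE" ]; then
      echo "$u: ${s:-MISSING}"
      rc=1
    fi
  done
  return "$rc"
}

# Demo on the constructed data; on the server, run as root:
#   classify_shadow < /etc/shadow | require_flagged foo
sample_shadow | classify_shadow
```

An account that shows `CHANGED` right after provisioning still has the administrator-chosen password in force, which is the situation the original question wanted to avoid.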